We have webservice deployed on weblogic that implements oasis wsse. Then I created the client using wsconsume from jboss (later tried metro) and called the web service. It always throws an error, I tried to create a test client in soapUI that is sent successfully and found out that the request produced by jboss doesn't match.
There are 2 difference that I've found:
1.) DateToken:
Working:
<wsu:Created>2011-09-06T08:22:14.515Z</wsu:Created>
Not working:
<wsse:Created>2011-09-07T06:12:37.322Z</wsse:Created>
2.) Password Type:
Working:
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">OB7izBPcPE0sfJaAEdD1uIrlFT4=</wsse:Password>
Not working:
<wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#PasswordDigest'>trvFhf0ZCHQy4cBtNu984fs/nIg=</wsse:Password>
This is how I call the web service from client:
URL clientSideSecurityfile = new File("jboss-wsse-client.xml").toURI().toURL();
BindingProvider bp = (BindingProvider) port;
((StubExt) port).setSecurityConfig(clientSideSecurityfile.toExternalForm());
((StubExt) port).setConfigName("Standard WSSecurity Client");
bp.getRequestContext().put(StubExt.PROPERTY_AUTH_TYPE, StubExt.PROPERTY_AUTH_TYPE_BASIC);
bp.getRequestContext().put(StubExt.PROPERTY_CLIENT_TIMEOUT, 30000);
bp.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "usernmae");
bp.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "password");
responseACK = port.callWebService();
I'm using jboss4.2.3, jbossws-client 3.0.1-native-2.0.4.GA.
Any idea how to resolve this? It seems jbossws is producing wrong wsse tag which should be wsu for datetoken and type for password :-?.
According to the UsernameToken profile specification it should be,
<wsu:Created>
Where
wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-
1.0.xsd"
Also, as per the specification type should be,
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
Both;
<wsse:Created>2011-09-07T06:12:37.322Z</wsse:Created>
And
<wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#PasswordDigest'>trvFhf0ZCHQy4cBtNu984fs/nIg=</wsse:Password>
are, not compliant with the specification...
Related
I'm following a tutorial from mulesoft (DataWeave Tutorial) witch implements a Web Service Consumer that calls an external public web service (WSDL). I had no problem to setup the project as described, but when I launch my server I have the following error: "Caused by: java.net.ConnectException: Connection refused: connect".
First thought was that the webservice was unavailable. But I tested it in SoapUI and it workded just fine.
I suppose the error is because the call to the web service is not using the proxy configurations that I have set up in Anypoint Studio. So, in my Web Service Consumer I have set up a HTTP Request Configuration where I added a Proxy Configuration. But it also did not work. Those were my steps:
Web Service Consumer
https://i.stack.imgur.com/hN584.png
References tab
https://i.stack.imgur.com/NIV84.png
HTTP Request Configuration
https://i.stack.imgur.com/Ubpwa.png
Proxy tab
https://i.stack.imgur.com/bBYx1.png
Proxy Configuration
https://i.stack.imgur.com/JDQdf.png
One thing that is immediately noticeable is the the TLS error on the HTTP Request Configuration. This error appears as soon as I choose to use a proxy and when I go to the TLS/SSL tab I have no option to remove the TLS configuration as you can see in the following image:
TLS/SSL tab
https://i.stack.imgur.com/xFqEW.png
Here's the XML of my flow:
<flow name="dataweave_tutorialFlow">
<http:listener config-ref="HTTP_Listener_Configuration" path="ex1" doc:name="HTTP" metadata:id="b34a6c34-653f-4b68-8aa3-8292e41a20cf"/>
<dw:transform-message doc:name="Transform Message">
<dw:input-payload doc:sample="C:\temp\dw_example1.json"/>
<dw:set-payload><![CDATA[%dw 1.0
%output application/xml
%namespace ns0 http://mulesoft.org/tshirt-service
---
{
ns0#OrderTshirt: {
size: "M" unless payload.buyer.state == "TX" otherwise "XXL",
email: payload.buyer.email,
name: payload.buyer.name,
address1: payload.buyer.address,
address2: null,
city: payload.buyer.city,
stateOrProvince: payload.buyer.state,
postalCode: payload.buyer.postCode,
country: payload.buyer.nationality
}
}]]></dw:set-payload>
</dw:transform-message>
<ws:consumer config-ref="Web_Service_Tshirt" operation="OrderTshirt" doc:name="Web Service Consumer"/>
</flow>
I'm using Anypoint Studio 6.2.5 with Mule ESB Server 3.8.2.
I have no more ideas for what to change to make this work. Hope anyone has some good suggestion about this. Thanks in advance!
You dont require to mention http in proxy url host can set the proxy using following example:-
<http:request-config name="HTTP_Request_Configuration" host="www.webservicex.com" port="80" doc:name="HTTP Request Configuration">
<http:proxy host="my.example.proxy.com" port="8080"/>
</http:request-config>
You may need to provide your proxy username and password based on your proxy.
A best example is if you follow step by step written here :-
http://www.corralict.nl/wsc-connector-proxy/
and
https://docs.mulesoft.com/mule-user-guide/v/3.8/web-service-consumer
Regarding tls, don't touch the tls part and make sure your HTTP request protocol is set to HTTP and not HTTPS. The error you are seeing is a bug in studio and will not affect if you configure rightly.
I'm working with gSOAP 2.8.15 and I'm trying to implement the HTTP Authentication by following the instructions in section 19.14 of gsoap documentation (http://www.cs.fsu.edu/~engelen/soapdoc2.html#tth_sEc19.14).
The only difference is that the codes introduced in the documentation is written in C but I'am coding in C++.
Here is my codes for client side of the web service
// The variable wsp is a instance of web service proxy generated by soapcpp2.
// The proxy is a sub-class of the class soap
wsp.userid = "user";
wsp.passwd = "password";
// call the function of web service
wsp.get_version(&result);
In the server side, I use these codes to check the authentication:
// The variable wss is the a instance of web service service generated by soapcpp2.
if (wss.userid == NULL || wss.passwd == NULL)
//......
The problem is when I call the function of web service using the client-side code, the userid and passwd is always NULL in server-side. But when I call the same function using soapUI by passing the userid and passwd with preemptive authorisation mode, the server will get the information without problem.
I appreciate if anyone can help me work out the problem. Thanks for your attention.
I have used tcpdump to catch the package sent between web service server and client and I found that there is no http header sent when the client call the function of the web service. So I have done some search in the documentation of gSOAP and found this sentence:
A client may use the http:// prefix. When absent, no HTTP header is
sent and no HTTP-based information will be communicated to the
service.
It solves my problem...
I have down loaded WSO2 ESB Version 4.6 and started the server. Clicked on proxy service. There I have selected WSDL Proxy option. It is asking the following for creating proxy.
Proxy Service Name* OpportunityService
WSDL URI* https://crm-aufsn4x0ruf.oracleoutsourcing.com//opptyMgmtOpportunities/OpportunityService?WSDL
WSDL Service* https://crm-aufsn4x0ruf.oracleoutsourcing.com:443/opptyMgmtOpportunities/OpportunityService
WSDL Port* 443
I just want consume this external web service via ESB. So I dont want publish. Did not configure any publish related fields. Now When I click on create it throws exception "Failed to add proxy service: OpportunityService. Check whether the Proxy already exists
". But I am sure that there is no existed service with that. I have tried with different names but the error is same.
I suspect that may gave values wrong for fields WSDL Service and WSDL Port. If click on Test URI its giving success.Can any one please suggest where I am doing wrong.
Thanks&Regards,
Raghu
For wsdl service parameter you need to give the <wsdl:service name>which you can find in the particular wsdl itself. I dont think it will be a URI like you have mentioned above. Likewise for port you can find the <wsdl:port> parameter in the wsdl.
I have implemented a Spring WS using XWSS for security. I have added a security configuration policy file into my application.
<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"
dumpMessages="true">
<xwss:RequireTimestamp
id="tsp"
maxClockSkew="60"
timestampFreshnessLimit="300">
</xwss:RequireTimestamp>
<xwss:RequireUsernameToken
id="token"
passwordDigestRequired="false"
nonceRequired="false"/>
<xwss:Timestamp></xwss:Timestamp>
<xwss:UsernameToken
name="service"
password="service"
id="uToken"
digestPassword="true"
useNonce="true"/>
</xwss:SecurityConfiguration>
Now I am developing a client to access the WS. The security works fine. But I am unable to test the SUCCESS case in which the client can successfully get a response from my service. The problem is I don't know how to make my client send the usernametoken and timestamp along with the request. I am using NetBeans IDE and I am implementing a JAX-WS client to access the Spring WS using this tutorial.
Please let me know what needs to be done.
For Spring WSS there is not much difference between adding a security header to the ingoing soap messages or to the outgoing ones. The process is very similar.
In both cases, you should create a interceptor for adding the security header. It is described here. So, if you create the WS client using Spring you should not have problems, especially if you have already developed the server side, but the tutorial you referenced doesn't look like using Spring for implementing the client.
You can do this by adding the following code in you client class / class extending the webservicetgatewaysupport.
SoapHeader header = msg.getSoapHeader();
StringSource headerSource = new StringSource("<wsse:Security xmlns:wsse=\"http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" mustUnderstand=\"1\"> <wsse:UsernameToken>
<wsse:Username>"+userName+"</wsse:Username> <wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/
oasis-200401-wss-username-token-profile-1.0#PasswordText\">"+password+"</wsse:Password> </wsse:UsernameToken>"
+"</wsse:Security>");
Transformer transformer = TransformerFactory.newInstance().newTransformer();
transformer.transform(headerSource, header.getResult());
The above has to go in the message call back handler of the marshalSendANDRecieve metho of the webserviceTemplate
Check this sample for client.
And you could use SoapUI to test your server. Import WSDL, then select any request and open "Properties" window in left-bottom corner. You would see "Username", "Password" and "WSS-Password Type" related settings.
I'm setting up a glassfish server with a single EJB3 as a mocked up backend for a POC. Everything was working fine until I went to add some basic authentication. Just plan text userid and password, nothing sophisticated for this job. I added the following annotations to the EJB:
#WebService(name = "Banking", serviceName = "Banking", targetNamespace = BANKING_NAMESPACE)
#DeclareRoles("user")
#Stateless
public class Banking {
...
#RolesAllowed("user")
#SOAPBinding(parameterStyle = ParameterStyle.BARE)
#WebMethod(action = BANKING_NAMESPACE + "/logon", operationName = "logon")
#WebResult(targetNamespace = XmlStrings.BANKING_MODEL_NAMESPACE)
public LogonResponse logon(#WebParam(targetNamespace = XmlStrings.BANKING_MODEL_NAMESPACE) Logon request) throws WebServiceException {
...
}
}
According to what I've read of EJB3 spec, this is pretty common for doing a SOAP web service.
However when I send this xml:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mod="http://www.dhcbank.com/banking/model">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-79" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>fred</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">fred</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<mod:logon/>
</soapenv:Body>
</soapenv:Envelope>
I get the following error back as a SOAP fault:
java.lang.Exception: Client not authorized for invocation of public com.dhcbank.www.banking.schema.LogonResponse com.dhcbank.www.banking.Banking.logon(com.dhcbank.www.banking.schema.Logon) throws javax.xml.ws.WebServiceException
And in the glassfish log:
[#|2010-10-10T12:49:27.497+1100|INFO|glassfish3.0.1|javax.enterprise.system.core.security|_ThreadID=41;_ThreadName=http-thread-pool-8080-(2);|JACC Policy Provider: Failed Permission Check, context(BankingEAR/Banking_war_internal)- permission((javax.security.jacc.EJBMethodPermission Banking logon,ServiceEndpoint,com.dhcbank.www.banking.schema.Logon))|#]
In the glassfish admin screens I added a user called fred with a fred password and assigned it to a groups called user. But that didn't work.
I did some more reading which suggested that I create a sun-ejb-jar.xml file and add it to the ear file. So I created it with this content:
<sun-ejb-jar>
<enterprise-beans>
<ejb>
<ejb-name>Banking</ejb-name>
<webservice-endpoint>
<port-component-name>Banking</port-component-name>
<login-config>
<auth-method>BASIC</auth-method>
<realm>file</realm>
</login-config>
</webservice-endpoint>
</ejb>
</enterprise-beans>
</sun-ejb-jar>
This is as near as I can tell, correct. However I could not find anything that told me what the values of the port-component-name element should be. So I don't know if I've got it right.
Security does still not appear to be working and I cannot figure out why. Does anyone have any experience with this and can point me at what I've got wrong or not done?
I'm assuming your declared role "user" is the same role name in your file realm? if not provide this mapping in your descriptor:
<sun-ejb-jar>
<security-role-mapping>
<role-name>user</role-name>
<group-name>filerealm-group-name</group-name>
</security-role-mapping>
...
I don't think that you're currently creating the appropriate HTTP header for Basic Authentication. I'm not sure how you create the SOAP request but if you're using a JAX-WS client, the JAX-WS FAQ documents the following:
Q. How do I do basic authentication in JAX-WS?
You can do the following:
HelloService service = new HelloService();
Hello proxy = (service.getHelloPort());
((BindingProvider)proxy).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "userfoo");
((BindingProvider)proxy).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "passbar");
USERNAME_PROPERTY, PASSWORD_PROPERTY
are used primarily for service
requests. I think when you instantiate
Service, it fetches WSDL and the
server is returning 401. You could try
any one of the following solutions.
Use java.net.Authenticator class in your client application.
Provide a local access to the WSDL using catalog. There is a catalog
sample in the jax-ws distribution.
Configure web.xml to allow GET requests without authentication
And unless I'm wrong, the usernametoken would fit if the webservice expects the authentication in the SOAP header, which is not the case according to your description.
In other words, for me, you're currently not sending the credentials for the BASIC auth.
See also
Example: Basic Authentication with JAX-WS
SSL and HTTP BASIC authentication with Glassfish and JAX-WS (more complex scenario)